🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 97 of the GDPR: Review and evaluation of the regulation by the European Commission

Home GDPR articles decrypted Article 97 of the GDPR: Review and evaluation of the regulation by the European Commission
Article 97 of the GDPR provides for a clause of periodic review of the regulation by the European Commission. This mechanism aims to ensure that the GDPR remains relevant, effective and adapted to technological and societal developments.

Article 97 of the GDPR explained

The European Commission must, no later than May 25, 2020, then every 4 years:

  • Evaluate the application of the GDPR in all Member States,
  • Present a report to the European Parliament and the Council,
  • Propose modifications if necessary, taking into account new technologies, digital technology, the information society, etc.

The Commission can also consult the European Data Protection Board (EDPB) and the European Data Protection Supervisor as part of this evaluation.

Why is this article important for your GDPR compliance?

This article ensures that the GDPR doesn't become obsolete faced with the rapid evolution of technologies. Potential revisions resulting from this mechanism may modify the obligations of data controllers and affect your internal procedures.

How to comply with Article 97 of the GDPR?

  • Make one active legal and regulatory monitoring, particularly on publications from the European Commission.
  • Anticipate them possible legislative changes by collaborating with a DPO or compliance expert.
  • Regularly update your internal policies and your processing register according to regulatory developments.

Examples of application of Article 97 of the GDPR

  • A company adapts its data retention policy after publication of a Commission report recommending stricter supervision.
  • A public body is setting up a monitoring unit to monitor European recommendations on data security resulting from the GDPR assessment.
  • An association adjusts its practices in response to an amendment proposed by the Commission during a quadrennial review.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

👉 Request a demo with an expert

⚡ Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.
👉 GDPR: Self-assess now

Other articles
on the same subject